// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package mssql_test

import (
	"context"
	"fmt"
	"testing"

	"github.com/hashicorp/go-azure-helpers/lang/pointer"
	"github.com/hashicorp/go-azure-helpers/lang/response"
	"github.com/hashicorp/go-azure-sdk/resource-manager/sql/2023-08-01-preview/databasevulnerabilityassessmentrulebaselines"
	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance"
	"github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check"
	"github.com/hashicorp/terraform-provider-azurerm/internal/clients"
	"github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk"
)

type MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource struct{}

func TestAccMsSqlDatabaseVulnerabilityAssessmentRuleBaseline_basic(t *testing.T) {
	data := acceptance.BuildTestData(t, "azurerm_mssql_database_vulnerability_assessment_rule_baseline", "test")
	r := MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource{}

	data.ResourceTest(t, r, []acceptance.TestStep{
		{
			Config: r.basic(data),
			Check: acceptance.ComposeTestCheckFunc(
				check.That(data.ResourceName).ExistsInAzure(r),
			),
		},
		data.ImportStep(),
	})
}

func TestAccMsSqlDatabaseVulnerabilityAssessmentRuleBaseline_primary(t *testing.T) {
	data := acceptance.BuildTestData(t, "azurerm_mssql_database_vulnerability_assessment_rule_baseline", "test")
	r := MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource{}

	data.ResourceTest(t, r, []acceptance.TestStep{
		{
			Config: r.primary(data),
			Check: acceptance.ComposeTestCheckFunc(
				check.That(data.ResourceName).ExistsInAzure(r),
			),
		},
		data.ImportStep(),
		{
			Config: r.update(data),
			Check: acceptance.ComposeTestCheckFunc(
				check.That(data.ResourceName).ExistsInAzure(r),
			),
		},
		data.ImportStep(),
	})
}

func (MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource) Exists(ctx context.Context, client *clients.Client, state *pluginsdk.InstanceState) (*bool, error) {
	id, err := databasevulnerabilityassessmentrulebaselines.ParseBaselineID(state.ID)
	if err != nil {
		return nil, err
	}

	resp, err := client.MSSQL.DatabaseVulnerabilityAssessmentRuleBaselinesClient.Get(ctx, *id)
	if err != nil {
		if response.WasNotFound(resp.HttpResponse) {
			return nil, fmt.Errorf(" %q not found", *id)
		}
		return nil, fmt.Errorf("reading %q : %v", *id, err)
	}

	return pointer.To(resp.Model != nil), nil
}

func (r MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource) basic(data acceptance.TestData) string {
	return fmt.Sprintf(`
%[1]s

resource "azurerm_mssql_database_vulnerability_assessment_rule_baseline" "test" {
  server_vulnerability_assessment_id = azurerm_mssql_server_vulnerability_assessment.test.id

  database_name = azurerm_mssql_database.test.name
  rule_id       = "VA2111"
  baseline_name = "default"

  baseline_result {
    result = [
      "SCHEMA",
      "dbo",
      "CONTROL",
      "SQL_USER",
      "adminuser1"
    ]
  }

  baseline_result {
    result = [
      "SCHEMA",
      "dbo",
      "CONTROL",
      "SQL_USER",
      "adminuser2"
    ]
  }
}
`, r.database(data))
}

func (r MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource) primary(data acceptance.TestData) string {
	return fmt.Sprintf(`
%[1]s

resource "azurerm_mssql_database_vulnerability_assessment_rule_baseline" "test" {
  server_vulnerability_assessment_id = azurerm_mssql_server_vulnerability_assessment.test.id

  database_name = azurerm_mssql_database.test.name
  rule_id       = "VA2065"
  baseline_name = "master"

  baseline_result {
    result = [
      "clientip",
      "255.255.255.255",
      "255.255.255.255"
    ]
  }
}
`, r.database(data))
}

func (r MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource) update(data acceptance.TestData) string {
	return fmt.Sprintf(`
%[1]s

resource "azurerm_mssql_database_vulnerability_assessment_rule_baseline" "test" {
  server_vulnerability_assessment_id = azurerm_mssql_server_vulnerability_assessment.test.id

  database_name = azurerm_mssql_database.test.name
  rule_id       = "VA2065"
  baseline_name = "master"

  baseline_result {
    result = [
      "clientips",
      "255.255.255.255",
      "255.255.255.255"
    ]
  }

  baseline_result {
    result = [
      "myip",
      "255.255.255.0",
      "255.255.255.0"
    ]
  }
}
`, r.database(data))
}

func (MsSqlDatabaseVulnerabilityAssessmentRuleBaselineResource) database(data acceptance.TestData) string {
	return fmt.Sprintf(`
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "test" {
  name     = "acctestRG-mssql-%[1]d"
  location = "%[2]s"
}

resource "azurerm_mssql_server" "test" {
  name                         = "acctestsqlserver%[1]d"
  resource_group_name          = azurerm_resource_group.test.name
  location                     = azurerm_resource_group.test.location
  version                      = "12.0"
  administrator_login          = "mradministrator"
  administrator_login_password = "thisIsDog11"
}

resource "azurerm_storage_account" "test" {
  name                     = "accsa%[1]d"
  resource_group_name      = azurerm_resource_group.test.name
  location                 = "%[2]s"
  account_tier             = "Standard"
  account_replication_type = "GRS"
}

resource "azurerm_storage_container" "test" {
  name                  = "acctestsc%[1]d"
  storage_account_name  = azurerm_storage_account.test.name
  container_access_type = "private"
}

resource "azurerm_mssql_server_security_alert_policy" "test" {
  resource_group_name = azurerm_resource_group.test.name
  server_name         = azurerm_mssql_server.test.name
  state               = "Enabled"
}

resource "azurerm_mssql_server_vulnerability_assessment" "test" {
  server_security_alert_policy_id = azurerm_mssql_server_security_alert_policy.test.id
  storage_container_path          = "${azurerm_storage_account.test.primary_blob_endpoint}${azurerm_storage_container.test.name}/"
  storage_account_access_key      = azurerm_storage_account.test.primary_access_key
}

resource "azurerm_mssql_database" "test" {
  name      = "acctestdb%[1]d"
  server_id = azurerm_mssql_server.test.id
  sku_name  = "S0"
}
`, data.RandomInteger, data.Locations.Primary)
}
